ISO 9001:2026 Readiness · ISO 27001

Quality and Security.
Certified Together.

Prepare for ISO 9001:2026 while maintaining a serious information security posture. We integrate ISO 9001 transition readiness and ISO 27001 implementation into one practical management system.

  • Integrated IMS — one system, two certifications
  • ISO 9001:2026 readiness + ISO 27001:2022
  • UK practitioners, no outsourcing
  • Fixed-scope, no hidden costs

Two certifications don't have to mean twice the work

  • Running ISO 9001 and ISO 27001 as separate systems doubles admin overhead
  • Most consultants deliver one standard at a time, missing integration opportunities
  • Generic templates that don't reflect your actual processes or risk profile
  • Security and quality objectives pulling in different directions

Integrated from the start

  • Single IMS covering both standards — shared policy framework, unified risk register
  • Shared management review, objectives, and internal audit programme
  • ISO 27001 Annex A controls mapped to your QMS processes
  • One certification cycle, two accredited certificates

Services

What we deliver

Structured, practitioner-led services from initial assessment through to post-certification support.

Integrated Gap Analysis

A combined assessment covering ISO 9001:2026 readiness themes and ISO 27001:2022 requirements. We identify overlapping controls, shared governance evidence, and the actions you should take before the final ISO 9001 publication.

  • ISO 9001 readiness themes: leadership, context, change, software, improvement
  • ISO 27001 clauses 4–10 + Annex A
  • Overlap and integration mapping
  • Prioritised action plan for both standards

Integrated IMS Documentation

A single documentation framework covering both standards — shared Quality and Information Security Policy, unified risk methodology, combined objectives register, and all mandatory documented information.

  • Combined Quality and Security Policy
  • Unified risk and opportunity register
  • Information Security Risk Assessment (ISO 27001 §6.1)
  • Statement of Applicability (SoA) for Annex A

ISO 27001 Information Security Controls

Full implementation of ISO 27001:2022 Annex A controls mapped to your risk assessment. Asset inventory, access control, incident response, business continuity — built around your actual IT landscape.

  • Asset register and classification
  • Access control framework
  • Incident response and reporting process
  • Business continuity and disaster recovery planning

Internal Audit Programme

A single audit programme covering both ISO 9001 and ISO 27001. We design the schedule, train your lead auditor, and conduct the first full cycle across both standards.

  • Combined audit schedule
  • Lead auditor training (2 days)
  • First audit cycle across both standards
  • Nonconformity and corrective action process

Dual Certification Preparation

Stage 1 and Stage 2 preparation for both certification bodies — or a single body offering both certifications. Mock audits, document reviews, and open action close-out.

  • Mock audit simulation (both standards)
  • Certification body selection guidance
  • Stage 1 and Stage 2 attendance
  • Post-audit corrective action support

How it works

One integrated programme for quality transition and security certification

01

Integrated Readiness Review

Combined assessment across ISO 9001:2026 readiness themes and ISO 27001:2022, identifying overlaps and integration opportunities from day one.

02

IMS Design

Design of a single Integrated Management System framework covering quality and information security objectives, risks, and controls.

03

Documentation & Controls

Complete documentation package including the Statement of Applicability, QMS procedures, Annex A controls, and all mandatory records.

04

Implementation

Embedding both systems into operations — process ownership, training, management review, and the ISO 27001 control implementation.

05

Internal Audit & Close-out

First combined internal audit across both standards, with corrective action close-out before certification stage 1.

06

Dual Certification

Stage 1 and Stage 2 with your chosen UKAS-accredited certification body. We attend and manage the process end-to-end.

Who we are

Built by people who have done this from the inside

Rotix is a professional services practice founded by people who have spent careers implementing standards, managing audits, and building management systems for real organisations — not as consultants parachuted in, but as practitioners embedded in the work.

Our team brings together expertise in Quality Management, Information Security, Engineering, Operations, Computing, and Business Leadership. We designed our Integrated IMS approach because we saw how much time and money organisations waste maintaining two parallel systems when both standards share the same Annex SL structure.

For 2026, that also means helping clients prepare for ISO 9001 transition themes without pretending the final text is already published. If you want one coherent system for quality and security, built with evidence and not guesswork, let's talk.

Operations & QMS

Lead quality practitioner with hands-on IMS implementation experience across manufacturing, services, and infrastructure sectors.

Engineering & Security

Systems engineering and information security background; leads ISO 27001 Annex A implementation, risk assessment, and technical controls.

Business & Compliance

Business leadership and audit background; client engagement, management review facilitation, and surveillance preparation.

Free resources

Useful starting points

Practical resources to help you understand what's involved before you commit to anything.

ISO 9001:2026 + ISO 27001 Integration Guide

How to design an Integrated Management System that prepares for ISO 9001 transition themes while satisfying ISO 27001 without doubling your documentation or audit overhead.

Statement of Applicability Template

A structured SoA template covering all Annex A control categories with justification and applicability fields ready to complete.

Pricing

Transparent, straightforward pricing

Prices shown are starting points for a defined scope. Your exact investment is confirmed after an initial conversation — no hourly rates, no scope creep.

Starter
Gap analysis and documentation
From £4,495
For small businesses taking their first steps toward dual ISO 9001 and ISO 27001 certification.
  • Integrated gap analysis (both standards)
  • IMS documentation framework
  • Quality and Security Policy
  • Statement of Applicability (SoA)
  • Risk assessment methodology
  • Implementation support
  • Internal audit programme
  • Certification preparation

Elite
Complex organisations and multi-site
POA (tailored scope)
For larger organisations requiring bespoke IMS architecture, multi-site scope, and ongoing compliance management.
  • Everything in Growth
  • Multi-site IMS architecture
  • Post-certification maintenance (year 1)
  • Dual surveillance audit preparation
  • Annual management review facilitation
  • Continual improvement programme
  • Dedicated practitioner contact
  • Priority response SLA

Cost+ Services

Additional services

Available across all packages and priced separately based on scope. Every engagement is different — we scope and quote each service individually.

Digital QMS & Process Automation
  • QMS Software Implementation: Configuring digital QMS platforms — Microsoft 365, SharePoint, or Activ — to manage document control, audits, and non-conformities.
  • Business Process Automation: Replacing manual, paper-based processes with automated digital workflows including document approval and review cycles.
  • Document Control System Setup: Secure, version-controlled cloud storage on SharePoint or Google Drive, configured to meet ISO document control requirements.

IT Risk & Audit Services
  • IT Risk Assessments: Identifying and evaluating threats to information security and operational technology across your environment.
  • Internal IT Audits: Conducting internal audits to evaluate compliance with ISO 27001, Cyber Essentials, or your own internal IT policies.
  • Supplier Security Audits: Auditing the IT security posture of your key suppliers to understand and manage third-party risk.

Strategic IT Consulting
  • IT Governance & Strategy Planning: Aligning your IT infrastructure with business strategy and quality objectives to support long-term growth.
  • Virtual CIO (vCIO) Services: Acting as a part-time IT Director to manage your technology roadmap, vendor relationships, and IT investment decisions.
  • AI Readiness & Security Assessments: Advising on the adoption of AI technologies, including compliance with emerging AI governance frameworks such as ISO 42001.

Technical Training & Awareness
  • Staff Information Security Training: Educating your team on phishing recognition, password management, data protection obligations, and secure working practices.
  • ISO Training Services: In-house training programmes for ISO 9001, ISO 27001, or ISO 22301 — from awareness sessions to lead auditor preparation.

All additional services are scoped and quoted individually.

FAQ

Common questions

Why certify to both ISO 9001 and ISO 27001 together?
Both standards use the same Annex SL high-level structure — shared clauses for context, planning, support, operation, evaluation, and improvement. Designing them as an integrated system from the start means one management review, one risk framework, one audit programme. It's significantly less overhead than maintaining two separate systems.
Is ISO 9001:2026 already published, and does that block an integrated project?
No. Public guidance indicates publication is expected in September 2026, so we treat ISO 9001 as a readiness and transition workstream until the final text is available. That does not block an integrated project — it lets you improve leadership evidence, change control, audit coverage, and governance now while continuing with ISO 27001 implementation.
Do we need separate certification bodies for each standard?
No. Several UKAS-accredited certification bodies (including BSI, NQA, and Bureau Veritas) offer both certifications. You can achieve ISO 9001 and ISO 27001 certification in a single combined audit, which reduces cost and administrative effort significantly.
What technical IT knowledge do we need?
ISO 27001 is a management standard, not a technical one. You don't need to be an IT organisation. The Annex A controls are risk-based — we help you select and implement only the controls applicable to your context. Many of our clients are professional services firms with modest IT environments.
What is the Statement of Applicability?
The SoA is a mandatory ISO 27001 document that lists all 93 Annex A controls, states whether each is applicable to your organisation, and justifies inclusions and exclusions. We produce this as part of the documentation package, based on your risk assessment output.
Can we add other standards later?
Yes. ISO 14001 (environmental) and ISO 45001 (health and safety) both use the same Annex SL structure. If you're already running ISO 9001 and ISO 27001, adding further standards is largely a case of extending your existing management system framework rather than building something new.

Ready to align ISO 9001 transition readiness with ISO 27001?

Get a free integrated readiness assessment covering ISO 9001 transition themes and ISO 27001 implementation priorities — no obligation.